- Do not let unauthorized visitors or contractors beyond your waiting room without a properly signed Associates Agreement. This document reduces your risk.
- This document is required per 45CFR164.502 and 45CFR314(a)(2)(i)
- $75 for office-wide use license
- PHI Brief: this briefing is for non-medical contractors.
This briefing gives a non-medical contractor the essentials about PHI: what PHI is and that they must not discuss it.
Online Employee HIPAA Training
- Annual Security Awareness training for all employees is required…
- Tracking all of this is required and a nightmare…
- Online training reduces office down time…
- Full & complete online tracking simplifies your life…
- Automatically reminds staff about upcoming training…
- Annual awareness training required per 45CFR164.308(a)(5)(i)
- Specific training available for:
  - HIPAA Security Official
  - IT Department
- Up to 25 users is $30 per month (for more than 25 users call)
HIPAA regulations require every Covered Entity to have a Contingency Plan.
According to HIPAA Regulations, your Contingency Plan must have:
- Data Backup Plan
- Disaster Recovery Plan
- Emergency Mode of Operation Plan
- Testing & Revision Procedures
- Applications & Data Criticality Analysis
This is also a smart business practice.
Our HIPAA compliant Contingency Plan is a step-by-step checklist to help you get your medical business back in operation immediately following a disaster.
A detailed plan with checklists matters because, when disaster strikes, you may not be thinking as clearly as usual.
You want to be able to grab a checklist and go through the steps so your business can get back to treating patients and generating revenue.
Hard Drive Encryption
Here at HIPAA Audit.com, we strongly discourage storing ePHI, or any sensitive data, on a mobile device.
For the record, a mobile device can be:
- A laptop
- A “thumb drive”
- An external hard drive
- A CD or DVD
BUT, if you find it absolutely necessary to store ePHI on a mobile device, then make sure to encrypt that device.
What is Encryption?
Wikipedia tells us:
…encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).
In plain English, encryption scrambles data so it is useless unless you have the correct password.
“How is this different from the Windows or Excel password I use?”
It is quite simple to bypass password protection on an operating system.
In fact, just last month we had a client who needed to get into a laptop that hadn’t been used in a while, and they forgot the password.
All we did was remove the hard drive, attach it to a Linux computer and shazam, we were in.
Excel &amp; Word passwords can be cracked with free software in minutes.
A properly encrypted hard drive would take thousands of years to crack into.
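The distinction the preceding paragraphs draw, an operating-system password versus real encryption, is easy to see in code. The following script is an added illustration for this page and is not HIPAA Audit.com's software: the two "disks" are in-memory byte strings, the patient record is made up, and the cipher is a small standard-library-only construction (PBKDF2 key derivation, an HMAC-SHA256 keystream, an HMAC integrity tag) chosen so the script runs offline; real full-disk encryption products use AES. The point it demonstrates is that a login password only gates the path to the data, while encryption changes the bytes on the drive, so pulling the drive and reading it elsewhere yields nothing useful.

```python
"""Access control vs. encryption (added illustration, not the page's own code)."""
import hashlib
import hmac
import os

# Constructed sample record standing in for ePHI.
PLAINTEXT = b"Patient: J. Doe  DOB: 1970-01-01  Dx: hypertension"
ITERATIONS = 100_000


def _derive(password: str, salt: bytes, dklen: int) -> bytes:
    """Stretch a password into key material with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen)


class PasswordProtectedDisk:
    """Models an OS login: the password is checked, but data is stored in the clear."""

    def __init__(self, password: str, data: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = _derive(password, self.salt, 32)
        self.raw = data  # the disk sectors hold the plaintext itself

    def read_via_os(self, password: str) -> bytes:
        """The normal path: the OS refuses unless the password matches."""
        if not hmac.compare_digest(_derive(password, self.salt, 32), self.pw_hash):
            raise PermissionError("wrong password")
        return self.raw

    def raw_bytes(self) -> bytes:
        """What a drive removed from the laptop and mounted elsewhere exposes."""
        return self.raw


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key + nonce into `length` pseudorandom bytes (HMAC in counter mode)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


class EncryptedDisk:
    """Models full-disk encryption: the drive holds only a header, ciphertext and a tag."""

    def __init__(self, password: str, data: bytes):
        salt, nonce = os.urandom(16), os.urandom(16)
        key_material = _derive(password, salt, 64)
        enc_key, mac_key = key_material[:32], key_material[32:]
        ct = bytes(p ^ k for p, k in zip(data, _keystream(enc_key, nonce, len(data))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        self.raw = salt + nonce + ct + tag  # everything that is physically stored

    def read_with_key(self, password: str) -> bytes:
        """Decrypt only if the password derives the right keys and the tag verifies."""
        salt, nonce = self.raw[:16], self.raw[16:32]
        ct, tag = self.raw[32:-32], self.raw[-32:]
        key_material = _derive(password, salt, 64)
        enc_key, mac_key = key_material[:32], key_material[32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("wrong password or tampered ciphertext")
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

    def raw_bytes(self) -> bytes:
        return self.raw


def compare(password: str = "correct horse battery") -> dict:
    """Report what each model leaks when the raw disk is read without the password."""
    plain = PasswordProtectedDisk(password, PLAINTEXT)
    enc = EncryptedDisk(password, PLAINTEXT)
    try:
        enc.read_with_key("not the password")
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {
        "os_password_only_leaks_raw": PLAINTEXT in plain.raw_bytes(),
        "encrypted_leaks_raw": PLAINTEXT in enc.raw_bytes(),
        "encrypted_reads_with_password": enc.read_with_key(password) == PLAINTEXT,
        "wrong_password_rejected": wrong_rejected,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Run it and the first flag comes back True while the second comes back False: the password-protected model leaks the record to anyone who reads the raw bytes, the encrypted model does not, and only the correct password recovers the record. That is exactly why an OS login does not provide Safe Harbor for a stolen laptop but properly implemented disk encryption does.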
What does this do for me?
Safe Harbor is a key term in the world of HIPAA regulations.
It basically means that you’ve done everything you can to reasonably protect ePHI.
If you have a laptop or hard drive stolen that contains ePHI and the hard drive is encrypted, you will have Safe Harbor for that event.
This can potentially save you thousands of dollars in expenses and an untold amount in public relations.
- Full encryption of 1 computer, OR
- Full encryption of 1 external device (USB “thumbdrive” or external hard drive; hardware is not included)
- BONUS: Now includes a HIPAA Computer Encryption Policy
Employee Computer Policy
- The mandatory baseline document for outlining the security requirements of your employees. If your employees have not confirmed, in writing, their understanding, then you are at risk.
- Required per 45CFR164.308(a)(1)(i)
- $270 Download
- $480 printed and in a binder
Data Backup Plan – Off Site Backup Service
- Fully automated HIPAA compliant backup of your critical business data.
- Full Service – Maintenance, upgrades, modification all handled for you remotely – nothing for anyone in your office to learn!
- Disaster Recovery Plan included in service ($570 value)
- Required per 45CFR164.308(a)(7)(ii)(A) / 45CFR164.308(a)(7)(ii)(B)
- Plans start at $97 per month
If you are replacing any computer OR any device that has had PHI stored on it, you must dispose of it according to HIPAA requirements.
Additionally, you must have a policy in place that details this exact process.
We have done all of the hard work for you in our HIPAA compliant Computer Disposal Policy.
BONUS: Included with this computer disposal policy is hard drive erasing software that will completely overwrite all data on the hard drive.
Before you dispose of a computer from your office, whether you plan to:
- throw away the computer
- give the computer to charity
- give the computer to an employee
- give the computer to anyone
You must ensure all PHI is removed from the computer…and DELETING does not do it!
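The "deleting does not do it" point above can be shown with a toy disk. The following script is an added illustration for this page; it is not HIPAA Audit.com's code or its erasing software. The disk image is a constructed in-memory bytearray with a tiny directory, and the patient record is made up. An ordinary delete drops the directory entry and frees the sectors but leaves every byte in place; a later, shorter file can reuse the sector and still leave the tail of the old record behind (slack space); only overwriting the sectors before freeing them removes the data.

```python
"""Why DELETE is not erasure (added illustration, not the page's own code)."""
import os

SECTOR = 64        # bytes per sector in the toy image
NUM_SECTORS = 16   # 1 KiB "platter"


class ToyDisk:
    """A minimal disk: raw sectors plus a directory that maps names to sectors."""

    def __init__(self):
        self.image = bytearray(SECTOR * NUM_SECTORS)   # the physical bytes
        self.directory = {}                             # name -> (sectors, length)
        self.free = list(range(NUM_SECTORS))

    def write(self, name: str, data: bytes) -> None:
        needed = -(-len(data) // SECTOR)                # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        sectors = [self.free.pop(0) for _ in range(needed)]
        for i, s in enumerate(sectors):
            chunk = data[i * SECTOR:(i + 1) * SECTOR]
            # Only the bytes actually written change; the rest of the sector keeps
            # whatever was there before (this is where slack-space residue comes from).
            self.image[s * SECTOR:s * SECTOR + len(chunk)] = chunk
        self.directory[name] = (sectors, len(data))

    def read(self, name: str) -> bytes:
        sectors, length = self.directory[name]
        raw = b"".join(bytes(self.image[s * SECTOR:(s + 1) * SECTOR]) for s in sectors)
        return raw[:length]

    def delete(self, name: str) -> None:
        """An ordinary delete: drop the entry, free the sectors, touch no data."""
        sectors, _ = self.directory.pop(name)
        self.free = sectors + self.free   # toy choice: freed sectors are reused first

    def wipe(self, name: str, passes: int = 3) -> None:
        """Overwrite the file's sectors (random passes, then zeros) before freeing them."""
        sectors, _ = self.directory[name]
        for s in sectors:
            for _ in range(passes):
                self.image[s * SECTOR:(s + 1) * SECTOR] = os.urandom(SECTOR)
            self.image[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)
        self.delete(name)

    def residue(self, pattern: bytes) -> bool:
        """Forensic view: scan the raw image, ignoring the directory entirely."""
        return pattern in self.image


def demo() -> dict:
    record = b"Patient: J. Doe  DOB: 1970-01-01  Dx: hypertension"  # constructed
    marker = b"Dx: hypertension"

    d = ToyDisk()
    d.write("chart.txt", record)
    readable = d.read("chart.txt") == record
    d.delete("chart.txt")
    after_delete = d.residue(marker)          # bytes untouched, only the entry is gone
    d.write("note.txt", b"Patient: A. Roe")   # shorter file reuses the same sector
    after_reuse = d.residue(marker)           # the old tail survives in slack space

    w = ToyDisk()
    w.write("chart.txt", record)
    w.wipe("chart.txt")
    after_wipe = w.residue(marker)            # sectors overwritten before release

    return {
        "readable_before_delete": readable,
        "residue_after_delete": after_delete,
        "residue_after_reuse": after_reuse,
        "residue_after_wipe": after_wipe,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two residue flags come back True and the last False: deleting, and even partially reusing the space, leaves the diagnosis on the platter, while overwriting removes it. One caveat for practitioners: this overwrite model matches magnetic hard drives; SSDs remap writes internally, so an overwrite from the host does not reliably reach every cell, and the drive's own secure-erase command (or destroying the device) is the reliable route. Encrypting the drive from day one, as this page already recommends, also makes disposal simpler, because discarding the key leaves only ciphertext behind.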